package cn.zysheep.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;

/**
 * @version v1.0
 * @Author: lyw
 * @Date: 2021/7/24
 */
@Controller
@RequestMapping("/user")
public class LoginController {

    @PostMapping("/login-success")
    public String loginSuccess() {
        return "success";
    }


    @GetMapping("/save")
    @ResponseBody
    @PreAuthorize("hasAuthority('save')")  // 拥有save权限才可以访问
    public String saveUser() {
        return "save resources";
    }

    @GetMapping("/update")
    @ResponseBody
    @PreAuthorize("hasAuthority('update')")  // 拥有update权限才可以访问
    public String updateUser() {
        return "update resources";
    }

    @GetMapping("/delete")
    @ResponseBody
    @PreAuthorize("isAnonymous()")   // 可匿名访问,即不需要认证,就可以访问
    public String deleteUser() {
        return "delete resources";
    }


    @GetMapping("/getUsername")
    @ResponseBody
    @PreAuthorize("isAuthenticated()")  // 需要认证（登录）才可以访问
    public String getUsername() {
        return "getUsername resources";
    }

    @GetMapping("/get")
    @ResponseBody
    @PreAuthorize("hasAuthority('get')") // 拥有get权限才可以访问
    public String getUser() {
        return "get resources";
    }

    @GetMapping("/getUserList")
    @ResponseBody
    @PreAuthorize("hasAuthority('save') and hasAuthority('update')")  // 拥有save和update权限才可以访问
    public String getUserList() {
        return "getUserList resources";
    }
}
